AD Authentication will succeed when wrong password given

Post by FTP » Fri Nov 05, 2010 6:02 am

We use the Windows API "LogonUser" for Windows Authentication (AD Authentication), but there is a known security issue in Windows: if the Windows built-in 'Guest' account is enabled and Windows Authentication is enabled too, the logon API "LogonUser" will return true for everyone, which means anyone can log in even with a wrong password.

So the most important thing is to disable the built-in 'Guest' account if you want to use Windows Authentication. BTW, from version 3.6.9 we added a feature that stops Windows Authentication automatically if the Guest account is enabled; you can upgrade to the latest version.
FTP
Site Admin
 
posts 1200
 
joined Tue Sep 29, 2009 6:09 am
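
One way to run the Guest check described in the post on the server before turning on Windows Authentication. This is an added example, not the product's own code. It assumes PowerShell 5.1 or later, and for the domain check the optional ActiveDirectory module; matching on the well-known RID 501 is a choice made here so that a renamed Guest account is still found.

```powershell
# Added example: audit the built-in Guest account (local and, if possible, domain).
# The account can be renamed, so it is located by its well-known RID 501, not by name.

function Get-LocalGuestStatus {
    # Local SAM of this machine (workstation or member server).
    $guest = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-501$' }
    if (-not $guest) { return $null }
    [pscustomobject]@{
        Scope   = "Local ($env:COMPUTERNAME)"
        Name    = $guest.Name
        SID     = $guest.SID.Value
        Enabled = [bool]$guest.Enabled
    }
}

function Get-DomainGuestStatus {
    # Only runs when the ActiveDirectory module is installed (assumption: RSAT present).
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) { return $null }
    Import-Module ActiveDirectory
    $domain = Get-ADDomain
    $guest  = Get-ADUser -Identity "$($domain.DomainSID.Value)-501"
    [pscustomobject]@{
        Scope   = "Domain ($($domain.DNSRoot))"
        Name    = $guest.SamAccountName
        SID     = $guest.SID.Value
        Enabled = [bool]$guest.Enabled
    }
}

# Collect both results; a missing scope simply yields nothing.
$results = @(Get-LocalGuestStatus; Get-DomainGuestStatus) | Where-Object { $_ }
$results | Format-Table -AutoSize

$enabled = @($results | Where-Object { $_.Enabled })
if ($enabled.Count -gt 0) {
    foreach ($g in $enabled) {
        Write-Warning "Guest account '$($g.Name)' is ENABLED in $($g.Scope). Disable it before using Windows Authentication."
    }
    # Remediation for the local account (run elevated), left commented out on purpose:
    # Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-501$' } | Disable-LocalUser
    exit 1
}

Write-Output 'Built-in Guest account is disabled in every scope that was checked.'
exit 0
```

The non-zero exit code when Guest is enabled lets the script gate a deployment step or a scheduled compliance check.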
